<?php
 

/* Marker constant, defined before any include is loaded.
   NOTE(review): presumably the *.inc.php files test IN_SCRIPT to refuse direct
   requests; that check is not visible here, so confirm it in each include. */
define('IN_SCRIPT',1);
/* Load the settings, the language file named by the settings, and the shared helpers.
   The language file name is built from $hd_settings['language'], which is presumably
   set by hd_settings.inc.php; no request data is used in these paths. */
require_once('hd_settings.inc.php');
require_once('language/'.$hd_settings['language'].'.inc.php');
require_once('inc/common.inc.php');
/* Start the session and run the login check before anything is read from $_POST.
   The return value of hd_isLoggedIn() is ignored, so the rest of this script is only
   protected if that helper stops execution itself for an unauthenticated session.
   NOTE(review): this script changes state on POST (adds a reply, may close the
   request, sends mail) and checks no anti-CSRF token itself; confirm whether
   hd_session_start() or hd_isLoggedIn() covers that. */
hd_session_start();
hd_isLoggedIn();

/* Print header */
require_once('inc/header.inc.php');

/* Reply text. hd_input() receives the raw POST value and, presumably, the message to
   show when that value is missing.
   NOTE(review): what hd_input() strips or escapes is not visible in this file, yet its
   result is later placed inside SQL string literals; confirm that it escapes for SQL
   (or that hd_dbQuery() does). */
$message=hd_input($_POST['message'],$hdlang['enter_message']);
/* Attach signature to the message? */
if (!empty($_POST['signature']))
{
    /* The signature is appended after hd_input() has run, so it reaches the stored
       reply exactly as it sits in the session.
       NOTE(review): confirm the session value was escaped when it was set. */
    $message .= "<br><br>$_SESSION[signature]<br>&nbsp;";
}
/* hd_makeURL() presumably turns URLs into links; nl2br() then inserts <br> before
   each newline. The result is what gets stored as the reply. */
$message=hd_makeURL($message);
$message=nl2br($message);
/* Details of the request being answered. All of them are read from the POST body;
   nothing in this file re-reads the stored request, so the name, subject, tracking ID
   and the address the notification is mailed to are whatever the submitter posted.
   NOTE(review): consider loading these from the stored request row by its id, so a
   logged-in session cannot redirect the notification or mismatch id and tracking ID. */
$orig_name=hd_input($_POST['orig_name'],"$hdlang[int_error]: No orig_name");
$orig_email=hd_validateEmail($_POST['orig_email'],"$hdlang[int_error]: No valid orig_email");
$orig_subject=hd_input($_POST['orig_subject'],"$hdlang[int_error]: No orig_subject");
$replyto=hd_isNumber($_POST['orig_id'],"$hdlang[int_error]: No or invalid orig_id");
$trackingID=hd_input($_POST['orig_track'],"$hdlang[int_error]: No orig_track");
/* Links to the request for the customer and for staff. $trackingID is concatenated
   into the query string without URL-encoding. The Refresh value from rand() only makes
   the URL differ per request; nothing in this file treats it as a secret. */
$trackingURL=$hd_settings['hd_url'].'/request.php?track='.$trackingID.'&Refresh='.rand(10000,99999);
$admin_trackingURL=$hd_settings['hd_url'].'/admin_request.php?track='.$trackingID.'&Refresh='.rand(10000,99999);

/* Attachments: when enabled in the settings, try every upload slot from 1 to the
   configured maximum and keep the non-empty results, keyed by slot number.
   NOTE(review): file-type, size and storage-path checks are whatever hd_uploadFile()
   does in inc/attachments.inc.php; none are performed in this file. The uploads are
   processed before the database connection is opened and before the reply is stored. */
if ($hd_settings['attachments']['use']) {
    require_once('inc/attachments.inc.php');
    $attachments = array();
    for ($i=1;$i<=$hd_settings['attachments']['max_number'];$i++) {
        $att = hd_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
    }
}
/* Accumulates the "insert-id#real_name," list that is stored with the reply row. */
$myattachments='';

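/* Connect to database */
require_once('inc/database.inc.php');
hd_dbConnect() or hd_error("$hdlang[cant_connect_db] $hdlang[contact_webmsater] $hd_settings[webmaster_mail]!");

/* Record one hd_attachments row per uploaded file and build the "id#name," list
   that is later stored with the reply. */
if ($hd_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        /* NOTE(review): the statement is assembled by string interpolation. $trackingID
           comes from $_POST['orig_track'] via hd_input() and the $myatt fields come from
           hd_uploadFile(); neither helper is visible here, so confirm both escape for SQL
           (real_name in particular is presumably the client-supplied file name).
           The row is keyed by the posted tracking ID while the reply row uses the posted
           numeric id; nothing in this file checks that the two belong to the same request. */
        $sql = "INSERT INTO `hd_attachments` (`request_id`,`saved_name`,`real_name`,`size`) VALUES ('$trackingID', '$myatt[saved_name]', '$myatt[real_name]', '$myatt[size]')";
        $result = hd_dbQuery($sql);
        if (!$result) {
            /* Keep the statement text and the driver error out of the page: the SQL
               embeds request-derived values and the driver message describes the schema.
               The detail goes to the server log instead. */
            error_log('hd_attachments insert failed: '.mysql_error());
            hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
        }
        $myattachments .= hd_dbInsertID() . '#' . $myatt['real_name'] .',';
    }
}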

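/* Add reply */
/* NOTE(review): every value below is interpolated into a quoted SQL literal.
   $message had the session signature appended after hd_input() ran, $_SESSION[name] is
   used as stored in the session, and $myattachments carries uploaded file names.
   Whether any of these were escaped for SQL is not visible in this file; confirm it,
   or move hd_dbQuery() to bound parameters. */
$sql = "
INSERT INTO `hd_replies` (
`replyto`,`name`,`message`,`dt`,`attachments`
)
VALUES (
'$replyto','$_SESSION[name]','$message',NOW(),'$myattachments'
)
";
$result = hd_dbQuery($sql);
if (!$result) {
    /* The failed statement contains the full reply text and the driver error describes
       the schema, so neither is sent to the browser. The driver error is written to the
       server log for whoever maintains the installation. */
    error_log('hd_replies insert failed: '.mysql_error());
    hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
}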

/* Optional priority change: $priority_sql is an extra SET fragment for the UPDATE of
   the request, and stays empty unless the "set_priority" box was ticked.
   NOTE(review): $priority is interpolated into a quoted SQL literal with only
   hd_input() in between, and the set of valid priority values is not checked here.
   This check also runs after the reply row has been inserted; if hd_input() aborts
   on an empty value (not visible here), the reply stays stored while the request is
   not updated and no notification is sent. */
$priority_sql = "";
if (!empty($_POST['set_priority']))
{
    $priority=hd_input($_POST['priority'],$hdlang['select_priority']);
    $priority_sql = ",`priority`='$priority'";
}

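/* Update the original request */
/* Status '3' is written when the "close" box was ticked and '2' otherwise (the
   confirmation page reports the request as closed in the first case). The two
   statements differed only in that value, so it is chosen once here.
   `id` is compared without quotes, so this statement relies entirely on hd_isNumber()
   having let only digits through for $replyto. */
$new_status = !empty($_POST['close']) ? '3' : '2';
$sql = "UPDATE `hd_requests` SET `status`='$new_status',`lastreplier`='1',`lastchange`=NOW() $priority_sql WHERE `id`=$replyto LIMIT 1";
$result = hd_dbQuery($sql);
if (!$result) {
    /* Do not echo the statement or the driver error to the browser; log the driver
       error on the server and show only the generic message. */
    error_log('hd_requests update failed: '.mysql_error());
    hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
}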


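/*** Send "New reply added" e-mail ***/
/* Load the e-mail template. From here on $message no longer holds the reply text
   (already stored above); it is reused for the mail body. */
$template_file='emails/new_reply_by_staff.txt';
$message = is_readable($template_file) ? file_get_contents($template_file) : false;

if ($message === false || $message === '')
{
    /* The reply is already stored, so a missing or empty template must not abort the
       page; it must not produce an empty notification either. */
    error_log("Cannot read e-mail template $template_file; notification not sent");
}
else
{
    /* Fill in the placeholders. The name, subject, tracking ID and tracking URL are the
       values posted with this request, not values re-read from the stored request. */
    $message=str_replace(
        array('%%NAME%%','%%SUBJECT%%','%%TRACK_ID%%','%%TRACK_URL%%','%%SITE_TITLE%%','%%SITE_URL%%'),
        array($orig_name,$orig_subject,$trackingID,$trackingURL,$hd_settings['site_title'],$hd_settings['site_url']),
        $message
    );

    /* Send the e-mail */
    /* The extra headers are built from the settings only; no request data reaches them.
       The recipient is the posted address as accepted by hd_validateEmail().
       NOTE(review): confirm that helper rejects CR/LF. */
    $headers="From: $hd_settings[noreply_mail]\n";
    $headers.="Reply-to: $hd_settings[noreply_mail]\n";
    /* @ keeps a mail() warning out of the HTML page; the failure is logged instead of
       being dropped silently. */
    if (!@mail($orig_email,$hdlang['new_reply_staff'],$message,$headers))
    {
        error_log('mail() reported failure for the staff-reply notification');
    }
}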

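/* Print admin navigation */
require_once('inc/show_admin_nav.inc.php');

/* Confirmation page. The $hdlang strings are echoed as they are (language file
   content). $admin_trackingURL contains the posted tracking ID, so it is HTML-encoded
   where it is written into the href attribute; this also turns the literal "&" of the
   query string into "&amp;", which browsers decode back to the same URL. */
?>

</td>
</tr>
<tr>
<td>

<p>&nbsp;</p>
<h3 align="center"><?php echo $hdlang['reply_added']; ?></h3>
<p>&nbsp;</p>
<p align="center"><?php
echo $hdlang['reply_submitted'].'. ';
/* Mention the closed state only when the request was closed with this reply */
if (!empty($_POST['close']))
{
    echo $hdlang['request_marked']." <font class=\"open\">$hdlang[close]</font>.";
}
?></p>
<p align="center"><a href="<?php echo htmlspecialchars($admin_trackingURL, ENT_QUOTES); ?>"><?php echo $hdlang['view_request']; ?></a> |
<a href="admin_main.php"><?php echo $hdlang['main_page']; ?></a></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>

<!-- HR -->
<p>&nbsp;</p>

<?php
/* Print the footer and stop, so nothing after this point can run or be emitted */
require_once('inc/footer.inc.php');
exit();

?>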
